Hello there!
A few years ago, to connect to my router securely, I made my own Certificate Authority and a certificate for the router signed by it (LuCI, SSL and Firefox).
My actions were:
Well, I didn't understand what was really happening, but reissuing my certificates with additional detailed info solved the problem. The next post is what I came to.
Creating an X509 V3 certificate extension config file, which is used to define the Subject Alternative Name (SAN) for the certificate. File router.ext is:
I didn't install any additional packages on the router (OpenWrt 22.03.2), so the tools used are ssh, scp and vi. Moving router.crt and router.key to the router host (if the error "ash /usr/libexec/sftp-server not found scp connection closed" occurs, use the -O flag; see 'man scp')
In the line with option cert, set the value /etc/ssl/router.crt, and in the line with option key, set the value /etc/ssl/router.key. Also, to enable http -> https redirection, set option redirect_https to 1. Then restart uhttpd.
/etc/init.d/uhttpd restart
Adding the cert files to the backup list. In LuCI, go to System -> Backup/Flash Firmware, click the Configuration tab, then add /etc/ssl/router.crt and /etc/ssl/router.key
Setting up browser
I use Firefox.
Open about:preferences#privacy
Certificates -> View Certificates -> Authorities -> Import
Select localCA.crt.pem and restart Firefox.
Now it will trust all certificates signed with the local CA in the LAN.
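
The certificate steps described in the post, as an added example that is not part of the original post: a local CA, a router certificate whose names come from router.ext, and a check that the chain and both SAN entries validate. The hostname router.lan, the address 192.168.1.1, the subject names, the helper file req.cnf and the two function names are assumptions; the other file names follow the post.

```shell
#!/bin/sh
# Added example. router.lan / 192.168.1.1 are constructed sample values.
# req.cnf and the function names are hypothetical helpers, not from the post.

# make_router_cert DIR HOST IP: create a local CA and a router cert with SAN.
make_router_cert() {
    ( cd "$1" || exit 1
    # Own request config, so the run does not depend on the system openssl.cnf.
    cat > req.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # X509 v3 extensions for the router cert; the SAN list is what gets matched.
    cat > router.ext <<EOF
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $2
IP.1 = $3
EOF
    # 1. CA private key and self-signed CA certificate.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config req.cnf -keyout localCA.key -out localCA.crt.pem 2>/dev/null &&
    # 2. Router key and CSR; the CN is deliberately not the hostname.
    openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
        -subj "/CN=OpenWrt router" -keyout router.key -out router.csr 2>/dev/null &&
    # 3. Sign the CSR with the CA, attaching the extensions from router.ext.
    openssl x509 -req -in router.csr -CA localCA.crt.pem -CAkey localCA.key \
        -CAcreateserial -sha256 -days 365 -extfile router.ext -out router.crt 2>/dev/null
    )
}

# check_router_cert DIR HOST IP: succeeds only if the chain verifies against
# the local CA and the certificate matches both the hostname and the IP.
check_router_cert() {
    openssl verify -CAfile "$1/localCA.crt.pem" -verify_hostname "$2" \
        -verify_ip "$3" "$1/router.crt" >/dev/null 2>&1
}
```

Only router.crt and router.key are copied to the router; localCA.key stays on the machine that signs certificates.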